[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#246232: unnecessary warnings about insecure working directory

Package: apt
Version: 0.5.24
Severity: normal

I get the following warning multiple times when running apt-get from
a command-line as root user, with working directory /incoming:

    /usr/lib/ruby/1.8/debian.rb:77: warning: Insecure world writable dir /incoming/., mode 040777

"ls -l -d /incoming" gives:

    drwxrwxrwx   39 root     root         4096 2004-04-27 18:28 /incoming

The warning is given or not given as the permissions on the working
directory vary.

So the fact about the directory is true, but I think I should not be
warned about this fact.  I think it should not matter what the
permissions are on the working directory when I invoke apt-get.  If it
does, then this is a more serious bug.

Whether this is a problem in libdpkg-ruby1.8 or in apt-get, I don't
know, so I am submitting this report about the program I invoked
directly.

-- Package-specific info:

-- apt-config dump --

APT "";
APT::Architecture "i386";
APT::Build-Essential "";
APT::Build-Essential:: "build-essential";
Dir "/";
Dir::State "var/lib/apt/";
Dir::State::lists "lists/";
Dir::State::cdroms "cdroms.list";
Dir::State::userstatus "status.user";
Dir::State::status "/var/lib/dpkg/status";
Dir::Cache "var/cache/apt/";
Dir::Cache::archives "archives/";
Dir::Cache::srcpkgcache "srcpkgcache.bin";
Dir::Cache::pkgcache "pkgcache.bin";
Dir::Etc "etc/apt/";
Dir::Etc::sourcelist "sources.list";
Dir::Etc::vendorlist "vendors.list";
Dir::Etc::vendorparts "vendors.list.d";
Dir::Etc::main "apt.conf";
Dir::Etc::parts "apt.conf.d";
Dir::Etc::preferences "preferences";
Dir::Bin "";
Dir::Bin::methods "/usr/lib/apt/methods";
Dir::Bin::dpkg "/usr/bin/dpkg";
DPkg "";
DPkg::Pre-Install-Pkgs "";
DPkg::Pre-Install-Pkgs:: "if dpkg -s apt-listbugs | grep -q '^Status: .* ok installed'; then /usr/sbin/apt-listbugs apt || ( test $? -ne 10 || exit 10; echo 'Warning: apt-listbugs exited abnormally, hit any key to continue.' 1>&2 ; read a < /dev/tty ); fi";
DPkg::Pre-Install-Pkgs:: "/usr/bin/apt-listchanges --apt || test $? -ne 10";
DPkg::Pre-Install-Pkgs:: "/usr/sbin/dpkg-preconfigure --apt || true";
DPkg::Tools "";
DPkg::Tools::Options "";
DPkg::Tools::Options::/usr/bin/apt-listchanges "";
DPkg::Tools::Options::/usr/bin/apt-listchanges::Version "2";

-- (no /etc/apt/preferences present) --


-- /etc/apt/sources.list --

#deb http://ftp.us.debian.org/debian/ sarge main

#deb http://mirrors.kernel.org/debian/ testing main non-free contrib
#deb-src http://mirrors.kernel.org/debian/ testing main non-free contrib

#deb http://security.debian.org/ stable/updates main contrib non-free

#deb http://mirrors.kernel.org/debian/ testing main non-free contrib
#deb-src http://mirrors.kernel.org/debian/ testing main non-free contrib

deb http://security.debian.org/ stable/updates main contrib non-free

# MSS above came from Debian install on new Jesse (commented out first two of last three lines above)

# See sources.list(5) for more information

# primary
# http://http.us.debian.org/debian
# http://non-us.debian.org

# mirrors
# http://llug.sep.bnl.gov/debian
# http://lyre.mit.edu/debian
# http://mirror.csit.fsu.edu/debian-non-US/

# apt-build
# deb file:/var/cache/apt-build/repository apt-build main
# MSS
# bug 157761 says above is wrong and try this (works).
# MSS think this must be first
# removed this package until it's more mature 8/28/02
# deb file:/var/cache/apt-build/repository ./


# my latest and past work can be found under the following APT source lines:
# use this source line for unstable drivers
#deb http://people.debian.org/~rdonald/nvidia unstable/i386/
# use this line for unstable kernel modules
#deb http://people.debian.org/~rdonald/nvidia modules-unstable/i386/
#use this line for experimental prerelease drivers
#deb http://people.debian.org/~rdonald/nvidia pre/i386/


### US
#deb     http://http.us.debian.org/debian stable                           main contrib non-free
deb     http://http.us.debian.org/debian testing			   main contrib non-free
#deb     http://http.us.debian.org/debian unstable			  main contrib non-free
## ALT
#deb     http://debian.crosslink.net/debian unstable			   main contrib non-free

#deb-src http://http.us.debian.org/debian stable			   main contrib non-free
deb-src http://http.us.debian.org/debian testing			   main contrib non-free
#deb-src http://http.us.debian.org/debian unstable			  main contrib non-free
## ALT
#deb-src http://debian.crosslink.net/debian unstable			  main contrib non-free

#deb	http://http.us.debian.org/debian proposed-updates                  main contrib non-free
#deb	http://http.us.debian.org/debian testing-proposed-updates          main contrib non-free

#deb-src http://http.us.debian.org/debian proposed-updates                 main contrib non-free
#deb-src http://http.us.debian.org/debian testing-proposed-updates         main contrib non-free

### NON-US
#deb     http://non-us.debian.org/debian-non-US stable/non-US              main contrib non-free
deb     http://non-us.debian.org/debian-non-US testing/non-US             main contrib non-free
#deb     http://non-us.debian.org/debian-non-US unstable/non-US            main contrib non-free

#deb-src http://non-us.debian.org/debian-non-US stable/non-US              main contrib non-free
deb-src http://non-us.debian.org/debian-non-US testing/non-US             main contrib non-free
#deb-src http://non-us.debian.org/debian-non-US unstable/non-US            main contrib non-free

#deb 	http://non-us.debian.org/debian-non-US proposed-updates/non-US          main contrib non-free
#deb 	http://non-us.debian.org/debian-non-US testing-proposed-updates/non-US  main contrib non-free

#deb-src http://non-us.debian.org/debian-non-US proposed-updates/non-US         main contrib non-free
#deb-src http://non-us.debian.org/debian-non-US testing-proposed-updates/non-US main contrib non-free

### Mozilla's java -- needed any more?

#deb     ftp://ftp.tux.org/packages/java/debian testing                         main non-free
#deb     ftp://ftp.tux.org/packages/java/debian unstable                        main non-free

#deb-src ftp://ftp.tux.org/packages/java/debian testing                         main non-free
#deb-src ftp://ftp.tux.org/packages/java/debian unstable                        main non-free

### KDE
# NOTE: unstable goes directly into Debian unstable/testing
#deb     http://ftp.us.kde.org/pub/kde/stable/latest/Debian stable         main
# NOTE: no deb-src here
## ALT
#deb     ftp://ibiblio.org/pub/packages/desktops/kde/stable/latest/Debian  stable main
#deb     http://ftp.du.se/pub/mirrors/kde/stable/latest/Debian             stable main 

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.5
Locale: LANG=en_US, LC_CTYPE=en_US

Versions of packages apt depends on:
ii  libc6                       2.3.2.ds1-11 GNU C Library: Shared libraries an
ii  libgcc1                     1:3.3.3-6    GCC support library
ii  libstdc++5                  1:3.3.3-6    The GNU Standard C++ Library v3

-- no debconf information
Reply to: